Improper URI Scheme Handling in Emacs Text Editor by Red Hat
CVE-2025-1244

8.8HIGH

Key Information:

Status
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
12 February 2025

What is CVE-2025-1244?

A vulnerability exists in the Emacs text editor that stems from improper handling of custom 'man' URI schemes. This flaw enables attackers to execute arbitrary shell commands by deceiving users into visiting specially crafted websites or HTTP URLs containing redirects. Users should remain vigilant and avoid visiting untrusted links to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2025:1915
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:1917
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:1961
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Vasilij Schneidermann for reporting this issue.
JSON
.